SUMMARY: fake users in sendmail/POP

From: Marcelo Maraboli (maraboli@dcsc.utfsm.cl)
Date: Mon May 19 1997 - 14:14:11 CDT


Hello Folks..

Sorry I took so long to post this SUMMARY, but I even tested
some of the answers...

The original question...

<> recently there have been a bunch of users who send messages
<> and "any" account....like "santa@north.pole" and so on..
<>
<> they just configure the POP3 client as that "username" and
<> they send messages...
<>
<> I know you can do this with a telnet to port 25, but it's not
<> the case..
<>
<> my question is..
<>
<> is there a way to VERIFY if a user connects via POP to
<> my server it MUST have an account there??

Some of the following answers tend to prevent mail SPAM
(name for this mailing), but some of them just prevent fake DOMAINs.

I must clarify that POP3 protocol is only used to RETRIEVE mail
from your POP account. When POP3 clients want to send mail, they
just contact PORT 25 and send, so that's the way they SPOOF mail.
(Steve Snodgrass <ssnodgra@fore.com>)

You CAN restrict POP RETRIEVE access with the AUTHFILE and
NONAUTHFILE features of qpopper2.3 (which is what I use).

To restrict sendmail spoofing... you might want to check:

1.- http://spam.abuse.net/spam/
        Stephen Harris <sweh@mpn.com> sent this contribution along with:

I use the following in my sendmail config.

  Scheck_mail
  # Only accept mail from valid domain names
  R<>	$@ OK	Postmaster
  R$*	$: <?> $>99 $1	canonicalise
  R<?> $* < @ $+ . >	$@ OK	if end in . then resolves
  R<?> $* < @ $+ >	$#error $: 451 host $&{client_addr} we can not resolve domain $2
  R$*	$@ OK
This means that the machine name must be resolvable (so if xyzzy.com doesn't
exist in the DNS, then user@xyzzy.com will be rejected). It's a partial
solution....

It uses error 451 which tells the remote machine to retry later, just in
case DNS slowdowns stop the name being checked that instant... it happens
occasionally.

** Haven't tried it, but I'm reading the link to spam..

2.- rali@meitca.com (Reto Lichtensteiger)

Put the following in the LOCAL_RULESET of your m4 config and rebuild the
cf file (or just add it to the rules in ruleset 98):

   # check for valid domain name
   R$*<@$*$~P>$*	$#error $@ 4.1.8 $: "418 invalid host name"

** Tried it, but sendmail 8.8.5 doesn't seem to link it.

3.- gibian@stars1.hanscom.af.mil (Marc S. Gibian)

        Use X.400 email systems

4.- Rich Pieri <rich.pieri@prescienttech.com>

check out anti-spam techniques in http://www.sendmail.org/

** currently doing that...

5.- Neil Sakuma <unifex@digital.net>

We've recently added some rulesets to Sendmail (8.8.5) on our mail server
(SS 10, Solaris 2.5.1) that block relaying, and filter out (some) spam.
Check out the following web site:

http://www.informatik.uni-kiel-de/~ca/email/check.html

** currently doing that also..

6.- Claus Assmann <ca@informatik.uni-kiel.de>

You may have a look at:
http://www.informatik.uni-kiel.de/%7Eca/email/examples/Herron.html

Hope this summary clarifies all the answers to people who also
wanted to know...

Thanks to all these people and many more for their responses and time.

-- 
Marcelo Maraboli Rosselott
Jefe de Area de Redes (Network Administrator)
Direccion Central de Servicios Computacionales (DCSC)
Universidad Tecnica Federico Santa Maria, Chile.

mailto:maraboli@dcsc.utfsm.cl http://www.dcsc.utfsm.cl/~maraboli
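
Added example (not part of the original post and not sendmail code): a small Python model of the decision the check_mail rules in answer 1 make, showing which envelope senders get the 451 and why the check only stops fake domains. The resolver table, the function names and the client address are constructed assumptions so that it runs offline.

```python
"""Model of the check_mail policy quoted in answer 1 (illustration only)."""
import re

# Constructed stand-in for DNS (assumption): True = resolves,
# False = does not exist, None = lookup timed out.
SAMPLE_DNS = {"example.org": True, "xyzzy.com": False, "slow.example": None}

def resolves(domain, dns=SAMPLE_DNS):
    """Hypothetical resolver: True only when the name is known to resolve."""
    return dns.get(domain.lower().rstrip("."), False) is True

def check_mail(envelope_from, client_addr="192.0.2.1", dns=SAMPLE_DNS):
    """Return (code, text) for a MAIL FROM argument, rule by rule."""
    addr = envelope_from.strip()
    # R<> $@ OK: the null sender (bounces) is always accepted.
    if addr == "<>":
        return (250, "OK")
    m = re.fullmatch(r"<?([^<>@\s]+)@([^<>@\s]+?)>?", addr)
    # R$* $@ OK: anything without user@domain falls through to the last rule.
    if m is None:
        return (250, "OK")
    domain = m.group(2)
    # The canonicalised name ends in "." only when the domain resolved.
    if resolves(domain, dns):
        return (250, "OK")
    # 451 is a temporary failure: a nonexistent domain and a DNS timeout
    # look the same here, so a legitimate sender is retried, not bounced.
    return (451, "host %s we can not resolve domain %s" % (client_addr, domain))

if __name__ == "__main__":
    # Constructed envelope senders. The forged local part on a real domain
    # is accepted, which is why the post calls this a partial solution.
    for sender in ("<>", "<santa@north.pole>", "<user@xyzzy.com>",
                   "<user@slow.example>", "<santa@example.org>"):
        print("%-22s -> %s %s" % ((sender,) + check_mail(sender)))
```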


